2013 ICS Cyber Security Conference Program Released

By Walt Boyes

Jul 16, 2013

Joe Weiss' annual ICS Cyber Security Conference will be held in association with Georgia Tech Research Institute October 21-24 in Atlanta, GA. The 2013 conference provides four days for Operations, Control Systems and IT Security professionals to connect on SCADA, DCS and PLC cyber security.

Here's a preview of the conference program:

A series of Primers - introductory presentations delivered by experts to participants from various backgrounds on key areas relevant to the Conference - will kick off the event on Monday. Areas covered include Understanding Industrial Control Systems, Basics of Networking, Approaches to System Security, and System Fragility vs. Robustness.

A small but pioneering electric utility will present the motivations, operating context, metrics and first results of an ICS security solutions test-bed. Since one cannot measure security but reliability is measureable, the focus of this test-bed is on how tools used for security affect reliability and safety. The utility is implementing a wide range of ICS security approaches (from controls hardware to log analysis) in the production environments that control its generation and distribution functions and will report to the audience on its findings. Utility and vendors involved in the project will be available for individual discussions during the Conference.

A panel of industry senior executives who have made ICS cyber security a priority for their business will discuss what drove their decision process and will share their insights on how IT and operations managers need to make the case for ICS cyber-security investments to VP and C-level decision makers.

A leading analyst of Industrial Control Systems cyber-threats will present and discuss the intelligence covering key events of the past 12 months – vulnerabilities, threats and actual incidents. The speaker’s remarks will conclude with a perspective on what we can expect going forward and implications for attendees.

The cyber security of an ICS should be a consideration from the get-go, but how does one do that? An experienced operations engineer will share good industry practices in integrating “security requirements” from sourcing to go-live: design, vendor & integrator selection, acceptance testing and getting the system hardened, configured and ready to go.

Keeping an operating ICS absolutely secure may be impossible, but much can be done to make it more robust and resilient. Based on many years of experience, the speaker will present and illustrate important security-enhancing practices for attendees to take back home.

An executive in charge of production infrastructure availability and security will share his experience on how to design and run an organization tasked with ICS cyber-security including: What does a mixed ICS cyber security team look like? What is the division of tasks between IT, Ops, Security, Safety, Compliance, etc.? What are success metrics? How should individual and teams be incentivized?

Earlier this year, it was announced that an ICS honeypot was able to attract attackers from all over the world. The developer of the honeypot will discuss his results and what he has done further in making the honeypot even more enticing to the hacker world.

Project Shine was developed to use the open source tool Shodan to identify ICSs that are directly Internet facing. To date, the developers have found more than 1 million devices directly connected to the Internet. One of the co-developers will provide a status of the project.

Aurora is the name given to an electric grid vulnerability demonstrated at the Idaho National Lab in 2007.It is a gap in protection that makes all electric substations potential threat vectors into utility customers’ AC rotating equipment, including synchronous motors. This means all utility AC loads in manufacturing, data centers, DOD installations, etc can be at risk. This session will provide a comprehensive explanation of Aurora, dispel some misrepresentations and present what is being done to date at the nation’s only two Aurora remediation hardware implementation sites.